directory namespace improvements & refactorings

Author: vgrem

examples/directory/applications/get_delegated_perms.py

@@ -30,7 +30,7 @@
 
 # Step 2: Grant an app role to a client app
 app = client.applications.get_by_app_id(test_client_id)
-resource.grant_application(app, "MailboxSettings.Read").execute_query()
+resource.grant_application_permissions(app, "MailboxSettings.Read").execute_query()
 
 
 # Step 3. Print app role assignments

examples/directory/applications/grant_application_perms.py

@@ -24,4 +24,4 @@
 # app_role = "User.Read.All"
 app_role = "DeviceLocalCredential.Read.All"
 user = client.users.get_by_principal_name(test_user_principal_name)
-resource.grant_delegated(test_client_id, user, app_role).execute_query()
+resource.grant_delegated_permissions(test_client_id, user, app_role).execute_query()

examples/directory/applications/grant_delegated_perms.py

@@ -24,7 +24,7 @@
 user = client.users.get_by_principal_name(test_admin_principal_name)
 client_app = client.applications.get_by_app_id(test_client_id)
 # result = resource.get_delegated(client_app, user, app_role).execute_query()
-result = resource.get_delegated(test_client_id, user, app_role).execute_query()
+result = resource.get_delegated_permissions(test_client_id, user, app_role).execute_query()
 if len(result) == 0:
     print("Delegated permission '{0}' is not set".format(app_role))
 else:

examples/directory/applications/has_delegated_perms.py

@@ -0,0 +1,34 @@
+"""
+How to grant and revoke delegated permissions for an app using Microsoft Graph.
+Delegated permissions, also called scopes or OAuth2 permissions, allow an app to call an API
+on behalf of a signed-in user.
+
+
+https://learn.microsoft.com/en-us/graph/permissions-grant-via-msgraph?tabs=http&pivots=grant-delegated-permissions
+"""
+
+from office365.graph_client import GraphClient
+from tests import (
+    test_client_id,
+    test_tenant,
+    test_client_secret,
+)
+
+# client = GraphClient.with_token_interactive(
+#    test_tenant, test_client_id, test_admin_principal_name
+# )
+
+client = GraphClient.with_client_secret(test_tenant, test_client_id, test_client_secret)
+
+
+resource = (
+    client.service_principals.get_by_name("Microsoft Graph")
+)
+
+result = resource.get_application_permissions(test_client_id).execute_query()
+for app_role in result.value:
+    print(app_role)
+
+
+
+

examples/directory/applications/list_application_perms.py

@@ -9,20 +9,20 @@
 
 from office365.graph_client import GraphClient
 from tests import (
-    test_admin_principal_name,
     test_client_id,
     test_tenant,
-    test_user_principal_name,
+    test_client_secret,
 )
 
-client = GraphClient.with_token_interactive(
-    test_tenant, test_client_id, test_admin_principal_name
-)
+#client = GraphClient.with_token_interactive(
+#    test_tenant, test_client_id, test_admin_principal_name
+#)
+
+client = GraphClient.with_client_secret(test_tenant, test_client_id, test_client_secret)
 
 
-resource = client.service_principals.get_by_name("Microsoft Graph")
-user = client.users.get_by_principal_name(test_user_principal_name)
-result = resource.get_delegated(test_client_id, user).execute_query()
+resource = client.service_principals.get_by_name("Microsoft Graph").get().execute_query()
+result = resource.get_delegated_permissions(test_client_id, only_admin_consent=True).execute_query()
 
 for grant in result:
-    print(grant)
+    print(grant.scope)

examples/directory/applications/list_delegated_perms.py

@@ -24,4 +24,4 @@
 
 # Get resource
 resource = client.service_principals.get_by_name("Microsoft Graph")
-resource.revoke_application(test_client_id, "MailboxSettings.Read").execute_query()
+resource.revoke_application_permissions(test_client_id, "MailboxSettings.Read").execute_query()

examples/directory/applications/revoke_application_perms.py

@@ -19,4 +19,4 @@
 # Step 1: Get resource service principal
 resource = client.service_principals.get_by_name("Microsoft Graph")
 user = client.users.get_by_principal_name(test_user_principal_name)
-resource.revoke_delegated(test_client_id, user, "User.Read.All").execute_query()
+resource.revoke_delegated_permissions(test_client_id, user, "User.Read.All").execute_query()

examples/directory/applications/revoke_delegated_perms.py

@@ -14,8 +14,7 @@
 
 client = GraphClient.with_client_secret(test_tenant, test_client_id, test_client_secret)
 query = """
-DeviceProcessEvents | where InitiatingProcessFileName =~ \"powershell.exe\"
-| project Timestamp, FileName, InitiatingProcessFileName
-| order by Timestamp desc | limit 2"""
+DeviceProcessEvents | where InitiatingProcessFileName =~ \"powershell.exe\" | project Timestamp, FileName, \
+InitiatingProcessFileName | order by Timestamp desc | limit 2"""
 result = client.security.run_hunting_query(query).execute_query()
 print(result.value)

examples/security/run_hunting_query.py

@@ -1,37 +1,3 @@
-from office365.sharepoint.fields.creation_information import FieldCreationInformation
-from office365.sharepoint.fields.type import FieldType
-from office365.sharepoint.lists.creation_information import ListCreationInformation
-from office365.sharepoint.lists.list import List
-from office365.sharepoint.lists.template_type import ListTemplateType
-from office365.sharepoint.webs.web import Web
-from tests import create_unique_name
 
 
-def upload_sample_file(context, path):
-    """
-    :type context: office365.sharepoint.client_context.ClientContext
-    :type path: str
-    """
-    folder = context.web.default_document_library().root_folder
-    with open(path, "rb") as f:
-        file = folder.files.upload(f).execute_query()
-    return file
 
-
-def create_sample_tasks_list(web):
-    # type: (Web) -> List
-    list_title = "Company Tasks"
-
-    list_title = create_unique_name("Tasks N")
-    list_create_info = ListCreationInformation(
-        list_title, None, ListTemplateType.TasksWithTimelineAndHierarchy
-    )
-
-    return_type = web.lists.add(list_create_info).execute_query()
-    field_info = FieldCreationInformation("Manager", FieldType.User)
-    return_type.fields.add(field_info).execute_query()
-    return return_type
-
-
-def configure():
-    pass